Is it possible to initially deploy PAM instances on VM environment and then migrate them into AWS or Azure environments?

Release: 3.x, 4.x
Component: CAPAMX

While physically moving or converting VMware vmdk’s to AWS or Azure formats is not supported by Symantec PAM (for several reasons),  you can migrate your services by joining newly created PAM appliances as a secondary site from the alternative format into the PAM cluster. This would effectively copy all data from your running cluster and once you are comfortable with the new appliances simply remove the older VMware appliance from the cluster configuration and decommission them. This may require some additional configurations to open a firewall rules to allow your current PAM servers to access AWS and you would have to deploy your new appliances described in the manuals.

AWS - https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-0/deploying/deploy-on-an-aws-amazon-machine-image-ami.html

Azure - https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-0/deploying/deploy-a-vhd-on-azure.html

Add cluster site - https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-0/deploying/set-up-a-cluster/configure-a-cluster/add-a-cluster-site.html

The only other options would be to use export/import methods described in the manuals. Additional methods would need to be considered for policies and other data.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-0/reference/import-and-export-data-for-provisioning.html